Hi All,
I'm sure this effects just about everyone out there who runs a mail server.
Every so often we have spammers hammering our mail servers (running Exim)
attempting to relay messages. They fail of course, however they sit there,
some times for several weeks, attempting e-mail address after e-mail
address.
This of course wastes our bandwidth, server resources, and fills our
rejectlog with thousands of failed attempts.
What I would like to do, is after three attempted message relays, the IP
address gets blocked via ipchains/iptables so it can no longer access port
25.
The two options I can see so far are either a program monitoring the
rejectlog file to detect abuse, or an exim filter.
Has anyone attempted to or setup a system like this?
I await your thoughts.
Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: andrewt@cnl.com.au
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874
"It's the smell! If there is such a thing." Agent Smith - The Matrix